hxxps://github[.]com/Dfmaaa/MEMZ-virus

Analysis

max time kernel
749s
max time network
752s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Dfmaaa/MEMZ-virus

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
5132	MEMZ.exe
5280	MEMZ.exe
5300	MEMZ.exe
5324	MEMZ.exe
5348	MEMZ.exe
5364	MEMZ.exe
5404	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
62	raw.githubusercontent.com
63	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 33 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	control.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 121858.crdownload:SmartScreen	msedge.exe

Runs regedit.exe 1 IoCs

pid	Process
5692	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2588	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
3552	msedge.exe
3552	msedge.exe
2524	identity_helper.exe
2524	identity_helper.exe
4284	msedge.exe
4284	msedge.exe
5280	MEMZ.exe
5280	MEMZ.exe
5300	MEMZ.exe
5280	MEMZ.exe
5280	MEMZ.exe
5300	MEMZ.exe
5280	MEMZ.exe
5324	MEMZ.exe
5280	MEMZ.exe
5324	MEMZ.exe
5300	MEMZ.exe
5300	MEMZ.exe
5364	MEMZ.exe
5364	MEMZ.exe
5300	MEMZ.exe
5300	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5280	MEMZ.exe
5280	MEMZ.exe
5348	MEMZ.exe
5348	MEMZ.exe
5300	MEMZ.exe
5300	MEMZ.exe
5364	MEMZ.exe
5364	MEMZ.exe
5300	MEMZ.exe
5348	MEMZ.exe
5300	MEMZ.exe
5348	MEMZ.exe
5280	MEMZ.exe
5280	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5280	MEMZ.exe
5280	MEMZ.exe
5348	MEMZ.exe
5300	MEMZ.exe
5348	MEMZ.exe
5300	MEMZ.exe
5364	MEMZ.exe
5364	MEMZ.exe
5280	MEMZ.exe
5280	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5280	MEMZ.exe
5280	MEMZ.exe
5364	MEMZ.exe
5300	MEMZ.exe
5364	MEMZ.exe
5300	MEMZ.exe
5348	MEMZ.exe
5348	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
720	taskmgr.exe
5404	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: 33	1312	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1312	AUDIODG.EXE
Token: 33	5704	mmc.exe
Token: SeIncBasePriorityPrivilege	5704	mmc.exe
Token: 33	5704	mmc.exe
Token: SeIncBasePriorityPrivilege	5704	mmc.exe
Token: 33	5704	mmc.exe
Token: SeIncBasePriorityPrivilege	5704	mmc.exe
Token: SeDebugPrivilege	720	taskmgr.exe
Token: SeSystemProfilePrivilege	720	taskmgr.exe
Token: SeCreateGlobalPrivilege	720	taskmgr.exe
Token: SeShutdownPrivilege	2588	explorer.exe
Token: SeCreatePagefilePrivilege	2588	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of SetWindowsHookEx 52 IoCs

pid	Process
3040	wordpad.exe
3040	wordpad.exe
3040	wordpad.exe
3040	wordpad.exe
3040	wordpad.exe
1476	mmc.exe
5704	mmc.exe
5704	mmc.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
1412	OpenWith.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe
5404	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 824	3552	msedge.exe	84
PID 3552 wrote to memory of 824	3552	msedge.exe	84
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2528	3552	msedge.exe	85
PID 3552 wrote to memory of 2024	3552	msedge.exe	86
PID 3552 wrote to memory of 2024	3552	msedge.exe	86
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87
PID 3552 wrote to memory of 3520	3552	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Dfmaaa/MEMZ-virus
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,8489613953249257000,9263924800241727574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5132
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5280
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5300
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5324
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5348
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5364
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:5404
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:5464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:4748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:1640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:5740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
        5⤵
        
        PID:5752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
        5⤵
        
        PID:5856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
        5⤵
        
        PID:4592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        
        PID:3236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
        5⤵
        
        PID:4292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
        5⤵
        
        PID:4416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
        5⤵
        
        PID:2624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
        5⤵
        
        PID:1904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
        5⤵
        
        PID:4284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
        5⤵
        
        PID:5008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
        5⤵
        
        PID:3972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
        5⤵
        
        PID:5568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1
        5⤵
        
        PID:3696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
        5⤵
        
        PID:4736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
        5⤵
        
        PID:988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
        5⤵
        
        PID:456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 /prefetch:2
        5⤵
        
        PID:3032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
        5⤵
        
        PID:4608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1823211871341768936,11158231542392972861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
        5⤵
        
        PID:2248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:6016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:6024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:1648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:3976
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:2500
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1476
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:5704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:5428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:1472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:3544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10670791795958554920,15070755165512336483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        5⤵
        
        PID:6096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10670791795958554920,15070755165512336483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        5⤵
        
        PID:2288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10670791795958554920,15070755165512336483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
        5⤵
        
        PID:5344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10670791795958554920,15070755165512336483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        5⤵
        
        PID:4432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10670791795958554920,15070755165512336483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
        5⤵
        
        PID:4508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10670791795958554920,15070755165512336483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
        5⤵
        
        PID:5884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10670791795958554920,15070755165512336483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
        5⤵
        
        PID:5008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10670791795958554920,15070755165512336483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
        5⤵
        
        PID:5940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10670791795958554920,15070755165512336483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
        5⤵
        
        PID:1904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8955494269216444755,14563095587439621350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        5⤵
        
        PID:3180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8955494269216444755,14563095587439621350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
        5⤵
        
        PID:5316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8955494269216444755,14563095587439621350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
        5⤵
        
        PID:4784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8955494269216444755,14563095587439621350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
        5⤵
        
        PID:4412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8955494269216444755,14563095587439621350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
        5⤵
        
        PID:1064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8955494269216444755,14563095587439621350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
        5⤵
        
        PID:2732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8955494269216444755,14563095587439621350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
        5⤵
        
        PID:5956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8955494269216444755,14563095587439621350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 /prefetch:8
        5⤵
        
        PID:3124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8955494269216444755,14563095587439621350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 /prefetch:8
        5⤵
        
        PID:1876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:1296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,5720666431903479879,15040790850204500338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
        5⤵
        
        PID:5380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,5720666431903479879,15040790850204500338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
        5⤵
        
        PID:5872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,5720666431903479879,15040790850204500338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
        5⤵
        
        PID:3548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5720666431903479879,15040790850204500338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
        5⤵
        
        PID:5320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5720666431903479879,15040790850204500338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
        5⤵
        
        PID:5928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5720666431903479879,15040790850204500338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
        5⤵
        
        PID:2028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5720666431903479879,15040790850204500338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
        5⤵
        
        PID:1732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,5720666431903479879,15040790850204500338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
        5⤵
        
        PID:1416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,5720666431903479879,15040790850204500338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
        5⤵
        
        PID:5704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:3520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11288189741022146832,8042548793925224426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
        5⤵
        
        PID:3204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,11288189741022146832,8042548793925224426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
        5⤵
        
        PID:812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,11288189741022146832,8042548793925224426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
        5⤵
        
        PID:4968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11288189741022146832,8042548793925224426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
        5⤵
        
        PID:1856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11288189741022146832,8042548793925224426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
        5⤵
        
        PID:1920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11288189741022146832,8042548793925224426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
        5⤵
        
        PID:4804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,11288189741022146832,8042548793925224426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
        5⤵
        
        PID:1764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,11288189741022146832,8042548793925224426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
        5⤵
        
        PID:5720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0xe0,0xe4,0x40,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:1788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9515729820608398846,10804784107925354657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        5⤵
        
        PID:5564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9515729820608398846,10804784107925354657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        5⤵
        
        PID:6084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9515729820608398846,10804784107925354657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
        5⤵
        
        PID:1772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9515729820608398846,10804784107925354657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
        5⤵
        
        PID:1176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9515729820608398846,10804784107925354657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
        5⤵
        
        PID:4104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9515729820608398846,10804784107925354657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
        5⤵
        
        PID:4024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9515729820608398846,10804784107925354657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
        5⤵
        
        PID:3844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9515729820608398846,10804784107925354657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
        5⤵
        
        PID:1016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9515729820608398846,10804784107925354657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
        5⤵
        
        PID:3320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:1468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xfc,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9275208581743494606,11798065063710195000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        5⤵
        
        PID:5528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9275208581743494606,11798065063710195000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        5⤵
        
        PID:5256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9275208581743494606,11798065063710195000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
        5⤵
        
        PID:5116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9275208581743494606,11798065063710195000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
        5⤵
        
        PID:6020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9275208581743494606,11798065063710195000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        5⤵
        
        PID:4020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9275208581743494606,11798065063710195000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
        5⤵
        
        PID:3216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9275208581743494606,11798065063710195000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
        5⤵
        
        PID:5764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9275208581743494606,11798065063710195000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
        5⤵
        
        PID:3480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9275208581743494606,11798065063710195000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
        5⤵
        
        PID:2392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:4000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5011816240111913927,7812868529077055143,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        5⤵
        
        PID:2040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5011816240111913927,7812868529077055143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
        5⤵
        
        PID:3288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5011816240111913927,7812868529077055143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3016 /prefetch:8
        5⤵
        
        PID:2136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5011816240111913927,7812868529077055143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        5⤵
        
        PID:6004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5011816240111913927,7812868529077055143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
        5⤵
        
        PID:4348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5011816240111913927,7812868529077055143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
        5⤵
        
        PID:3996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5011816240111913927,7812868529077055143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
        5⤵
        
        PID:5372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5011816240111913927,7812868529077055143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 /prefetch:8
        5⤵
        
        PID:2528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5011816240111913927,7812868529077055143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 /prefetch:8
        5⤵
        
        PID:2024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:1772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:2288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        5⤵
        
        PID:3588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
        5⤵
        
        PID:4792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
        5⤵
        
        PID:5296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
        5⤵
        
        PID:2508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
        5⤵
        
        PID:4404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
        5⤵
        
        PID:5096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
        5⤵
        
        PID:1236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
        5⤵
        
        PID:392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
        5⤵
        
        PID:5320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
        5⤵
        
        PID:2720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
        5⤵
        
        PID:1664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
        5⤵
        
        PID:4512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
        5⤵
        
        PID:732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
        5⤵
        
        PID:220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
        5⤵
        
        PID:3716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
        5⤵
        
        PID:2660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
        5⤵
        
        PID:1728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
        5⤵
        
        PID:5128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
        5⤵
        
        PID:4524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
        5⤵
        
        PID:3616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
        5⤵
        
        PID:2828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
        5⤵
        
        PID:3036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
        5⤵
        
        PID:4212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
        5⤵
        
        PID:5768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3756 /prefetch:2
        5⤵
        
        PID:5260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8977177429473583787,1723859117471997595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
        5⤵
        
        PID:4388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:5140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:1996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:1732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:1548
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:1096
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      PID:3396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:1408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0xdc,0xe0,0xd8,0x10c,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:1340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:4304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:1108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:4620
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      Runs regedit.exe
      PID:5692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      Enumerates system info in registry
      PID:3944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:3204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
        5⤵
        
        PID:5372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
        5⤵
        
        PID:4212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
        5⤵
        
        PID:4760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        5⤵
        
        PID:5684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
        5⤵
        
        PID:6076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
        5⤵
        
        PID:6012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
        5⤵
        
        PID:6032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
        5⤵
        
        PID:3024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
        5⤵
        
        PID:3672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
        5⤵
        
        PID:908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
        5⤵
        
        PID:4792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
        5⤵
        
        PID:4184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8
        5⤵
        
        PID:5084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8
        5⤵
        
        PID:3796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
        5⤵
        
        PID:2424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
        5⤵
        
        PID:2464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
        5⤵
        
        PID:3448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
        5⤵
        
        PID:4252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
        5⤵
        
        PID:4520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
        5⤵
        
        PID:540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
        5⤵
        
        PID:5212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
        5⤵
        
        PID:2052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
        5⤵
        
        PID:5720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
        5⤵
        
        PID:5396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
        5⤵
        
        PID:4508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
        5⤵
        
        PID:3236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
        5⤵
        
        PID:1436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        
        PID:5504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
        5⤵
        
        PID:2028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
        5⤵
        
        PID:2088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
        5⤵
        
        PID:4476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
        5⤵
        
        PID:6280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
        5⤵
        
        PID:6392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
        5⤵
        
        PID:6892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
        5⤵
        
        PID:6960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
        5⤵
        
        PID:7072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
        5⤵
        
        PID:6908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
        5⤵
        
        PID:6408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
        5⤵
        
        PID:6840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
        5⤵
        
        PID:6792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
        5⤵
        
        PID:7392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8768 /prefetch:8
        5⤵
        
        PID:7604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9268 /prefetch:2
        5⤵
        
        PID:7816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
        5⤵
        
        PID:7904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9336 /prefetch:1
        5⤵
        
        PID:7912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1
        5⤵
        
        PID:7920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1
        5⤵
        
        PID:7928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
        5⤵
        
        PID:6212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9840 /prefetch:1
        5⤵
        
        PID:4808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
        5⤵
        
        PID:6724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
        5⤵
        
        PID:5272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10124 /prefetch:1
        5⤵
        
        PID:5464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1
        5⤵
        
        PID:7676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:1
        5⤵
        
        PID:8152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10120 /prefetch:1
        5⤵
        
        PID:8072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1
        5⤵
        
        PID:7232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1
        5⤵
        
        PID:6732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
        5⤵
        
        PID:7384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
        5⤵
        
        PID:7736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
        5⤵
        
        PID:7104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10380 /prefetch:1
        5⤵
        
        PID:3668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9852 /prefetch:1
        5⤵
        
        PID:6944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:1
        5⤵
        
        PID:7768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10712 /prefetch:1
        5⤵
        
        PID:6804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
        5⤵
        
        PID:2392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10716 /prefetch:1
        5⤵
        
        PID:7412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10872 /prefetch:1
        5⤵
        
        PID:7216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
        5⤵
        
        PID:6760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7156650483710660878,11135020028787643299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
        5⤵
        
        PID:1880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:2472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:1616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:4296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:5660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:4556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:4004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:3692
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:3776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:4868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:2196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:4228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:5748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:6216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:6232
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      Modifies registry class
      PID:7340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:6676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:6868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:6736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:4408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:2660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:6680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:5540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:3948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:5016
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:7668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:6112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:5688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:4836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:7212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:4396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:7180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:7676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:4840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb408246f8,0x7ffb40824708,0x7ffb40824718
        5⤵
        
        PID:7236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3676

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x4f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6032

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:2588

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b6374013db3686bc47d272d7e6e2854

SHA1
8765a1d558f09b1e6b9f602596d98791ee39245a

SHA256
edf6bbfa3d51cab64c5aa1d19ba7c640aa4f6ec500dafa411cf4b10171e8ca89

SHA512
d5c6ebb0aea70676104e8046aeebf892fe07d3c1cd2277be2a84461e7e26e9044d2aba766eab8702de6295bf07747eb60342ad7e208ba5566a52e4abbcafca1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4cf60e31df7f8f75ef0d65ce7880677

SHA1
fd77ce0cd4378c3b5cbf80a3e65db0198cb7543d

SHA256
16f32dfff9d27fcba27816653eee95e2076c6d4922fa51fb1a315ac5ee00683f

SHA512
9527570365e358a360cff60a4bcc59d94a79850f403429e7f896c55fb977e4a84fbce127b626245d193c122aae7b99d95d68cb390617831c7370e2b705b56200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1b174c9195c8c61cd7e28b6aa335f9d3

SHA1
fc96217882be109b9ef1f06c22b1f24b4a5c3fb8

SHA256
f221fc8e8ec882801822f702c741d398595eee057a59b13a160ffb57455de82d

SHA512
a1c92cc1ec459deb9db8d0f36d3ea1a28e44ff616c894b5f84c35da3263c5a6f0c2420a63ac0ba1ee3f909196e501007f9ffde24d2bf078fdbb368773b602c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8cc52e74a5bb52adf55e5e411946cd82

SHA1
7c0dddc82a25f2934f6515e2fa25751fd3677feb

SHA256
b6b97dbe6806c0b3e32fa00bb20f8a9f07090e190402687ed36c900a8c2d035d

SHA512
03bb7ee19a62923eab3874aba9a4a12a02fe057833188abc5545cb2b14ce1667716960d7d8d23e543eaf0d38c88e5fb8f9920508a4f591e86a6e61b4223d24fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b030dd959bee8b147c9a7c1d3c4309e1

SHA1
134eed617013fb80120b90d7382e9a67ec398938

SHA256
c5685fb85b99dfac2650700087294938da4164e71be185dca4785a8f27f574c1

SHA512
6a266d7a83379069c75c4640b83a8c7154d4f23d210f2bde4bd09643aa783c6dd0e14c27a124e33cc288532c78ccc1ccc92916268161c7287dac8ddef6d209d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae3f39822ce1a9ebfe1fd15912e43721

SHA1
e5e4e70fbbe8c85166db83f4d2f785bbece5280c

SHA256
ae9f529e59c8442e1e4baa84ab22a308fdc364186e60f06e9e704c83eac3f160

SHA512
33b4203429a0779c07fd0915ae13ea34daa9e9aaf16d64b31c6c2fda7000b4557f2067f015172f9aa8e0296a93f0c8b91ef31738ba10113f2263295c39aa6a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03dd08e6376417f1ee2be51e1aa9239c

SHA1
b6c4eda47c9014aaddf5b26d45e1fd86190f89b6

SHA256
df9fe1b25e295219dd4960be079652756ee4bddfc809261ded9fc156345466af

SHA512
15fc8218c8b1feb1c5df1401d5a2107621c74fc1ffbb455c78fee4e366eda50a30ecb4b6bab660272fcce57e39a6e4d3d59614c1b333babfb9afed6367c28e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0715362bd2034d6bd0110d76b028887f

SHA1
153a3a1f456856d13b60511168892127074b1353

SHA256
8e9e2b4853e560f2b63c8ef66ba4048ce938a2c2b4c5eccb4ebc243962aae86a

SHA512
1e3aed0f4ad0f377631c09b0804a869bf4328a5f91c7c6d79d3b92f788c5d5e91f1d8588f715b577299ad331e009b973caad9ada92cd7ef69173f0e8c8901bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8eaa016209b02f145eccf99b40b159b8

SHA1
4c2ecebf3110d12d85827def611221cbd0e7fb60

SHA256
a8f5c333de944be7d6e07af91fbda14c1d26b728938605efa08d98939752546a

SHA512
39e7628ff25d8970d2ec243f623da2533489d772dffb8b80c47a86cbfc55c775d3b754c3117f1c835425b93df10ef8de281f18f7246dc2c73af9a696fba99156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4853c7b537869afcb5c7cf62bc930e10

SHA1
26e3b413c28188c8f99ab5360c97c53d129195c4

SHA256
6ec439fa649335fac484f2841cfc92672b2ecd4da72e107ea4dda7a961a16383

SHA512
c0eb5a0b59365aab0a18c069ae2883617f9d5cfddd7f031f27cc1db28e8e60174c68097a6ce1897abce98ae8d06f983597b14129a74576ff6a3d791dc319c84a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0823f054-3a3f-4d08-b851-9573a5c587de.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\167430db-1d1e-4a9f-b411-3464664379d2.tmp

Filesize
9KB

MD5
c12c0cff1220f9318a47a6acc7b49e92

SHA1
db50c218da934606d5aefe3b06da929aae6ad013

SHA256
d8526f4eca4be1917729764741756b03027c57330dd4007a984f4a57e92b3145

SHA512
ff1f866a6234f801aaff920614517bcbc1dea3607cb22d5a2e2f41564e7a3e5bd03a5fc9935214fcea30b4a28f69e2c0aa5f463296a40bdfc4452fe551cb6828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d8ada3c0bbbe5afc2eb181c56c27eb82

SHA1
4dde6be5289c6276e8aef91144d922c3c12b4b24

SHA256
2305af2a78904381b945cf4da7658ff16f542faecfaa80b9c367d3055ffd6784

SHA512
b989214f31db47b43d678e9762eec8b8f16a2de3128ad045bd99a8d206a9c0b0d041b5f50c5d716c742903d7ebe8b641bbe84d11026cdd9d30fb4986d480fe1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c0288f855b895ababc7462914df4a246

SHA1
4bd32678dfc77bceb6a5ef587c428d402d48595e

SHA256
b9f8a2ead69cb347d0cf5380c3ee2ff103242a602ee4e346e93eb1e2e991af51

SHA512
1d277868e6fa4446c069bcd52e1c7c4e1939edadbc6ef68a6d6ea08ec8e0d45f94721d162eab71b2f33a076b394b76071772e395f0b9b5f83a82713b11b9a873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
6281ceeaa3ce3c9efed4d40d94916144

SHA1
e199d62082c2f5ae51ca717a5a64bcb6d7893b30

SHA256
5d04cf43dee7d629e21d010ad5069b5f38a6e5048b5547333b7b25c81f3d559d

SHA512
09cb779010f0c8073018386fc395d741af22d2e981e6ec96a8558c6374b79a5a86ccb96a80aa90af3d1f8d50bc0682d9f0e8353db39b1c2d7e351d5cbe6ef025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
ff9e8fc29d35da9260b89356829656a1

SHA1
091f40cf1a91a8095be9c4a24083e4b104be4a6e

SHA256
61fd19d3278e329f5371d17057a4f306c279f79da17717da4f7467f7611206ee

SHA512
ed160edbc5934f180523659632af77d7e1af302f2dbd92bae4473646619753f914d91938925a2263473d8b7a52b1b3a76e0f49837205d48d2441ff2185218d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
37KB

MD5
ae2b5e6fd36c38beb90ca24ed95ddb5d

SHA1
b447190bb67f2a881b718f6cc70a136d698fc5fd

SHA256
cf22d1a1efc7c1aae3bc34d87149304a0198ddd635df1d73ba4c87dac536a136

SHA512
5bc508d40dc2d9f2b81582ad828ed01e0895db01178a3189383e58723597651f314b80c6c1ad16300dd8f886cc64d3bb9131d58e0f71f46bc3cb92d15a096db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
18KB

MD5
45f4d9e7d2e260e8288babc1c6509235

SHA1
00b2ff2b04aeae39c3a1acd010c8814bf9f775e9

SHA256
9e0bba84f77cc947769f33b6a9595f95bca6f04e76b38d3f6be385e6c00837a7

SHA512
f2da98b6c541267dd2847a230aa9bd7589b4fcf8e0cba30aaa0314f92146981ec654506e005b9b5d33bd23b6cea8fca0c6953260943bd1200cdc33cc903550e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
32KB

MD5
4956a5a7644eeec3c23c11c34eb8d8cc

SHA1
a5a07b734e130facc24e0d45b3931d23c4858174

SHA256
0cdbb6cc76b5af1f50459c53cdac5a883736b1e78c22d3876ab127646790a9c5

SHA512
bfdc9b07e753b76f84ddda98efd611ae26dfb44be5032b1a01563e18e829fb6f6b43f03d09239b054dbd1fe599edea8ea291e3b9e15725367b7bfcfeedd77d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
46KB

MD5
baff94c63010c402a48da7cb2ef08bf8

SHA1
a6bc98e9fe1b1dc9dbf168e7a781476ea95e7407

SHA256
517b17052575e9e90f98e7e3ddefb178cc2ac72ff02b779ff488fbcbf9bf9adf

SHA512
d939db777208d103c46c6905e497211e7e872c601a7fc6763103cffc0d9f90ca0ee0ba6269e70fb17054deaf96efa26e378c904a95206f27f225ef2d5a32bfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
72KB

MD5
023ed927b7223c2e7e0200dd376f7b70

SHA1
6d784ab4f62d33b98b90f45e051e5062e7cf51fd

SHA256
c10f4aa5be8fb78a353d4f581522e469e811e74d27b7a403aecaf33ec34b893c

SHA512
e89b1540db9b987a24b10356fce2924346fefc2af7615a90c0e93a79d8374b312320406e86e1b3ecf4544d672bb7de223d7d9553237af2986a10e581f59a7dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
47KB

MD5
5b611912157812382ae02bde399ff48f

SHA1
6089fbf66004233d7f64b590c883156200df8c54

SHA256
8495adbc7f8e03685d4b40ee4141a989d53f96dd1c95588612fd6c3acd77ecb1

SHA512
357afe88b2addb2a73d164d552feb20b73b576d53027442a983e35e64c395d7a469d0b851f2715a0febb6534359b7323a050d87a2226969adfbdd43e99653707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
59KB

MD5
c6b0f95171fa2aa59458f9c82f36fa41

SHA1
203e9f34c6b963cd318b7eaa65d35b036a88fb5a

SHA256
839ed500777fea51856b087dc772416bb529be3fcc980bd735c40abfe522d322

SHA512
da87caa4c81a4dcf662bc7f81cff9332964cc21d8022c53ff7abd8fc9936a31230586172ceeb9d13d483e061b6ed990ea52cd8fa609846b25b0b7b792d37a3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
46KB

MD5
50e7c652cf5d57d97906cc8c89cccec8

SHA1
b44c48b98c90686ac69762412e87099693cfe308

SHA256
17fdc0f29e08e58b3157887e3d01f54eb089ceb07ee1f11e7c23b8aaf24d17f0

SHA512
5b9f0ed5d62b92b85a56b3d3636f5b3f2b00b7c0ad1a29a7a8a15a9d41ffc09230c71631d50a8912884e64b6aecabfd88a41eb0eba41a7590a6979cf71ec4668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
25KB

MD5
1b7ac631e480d5308443e58ad1392c3d

SHA1
95f148383063ad9a5dff765373a78ce219d94cd7

SHA256
7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738

SHA512
15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
94KB

MD5
428cedacd793d47b5e40474e57f1768b

SHA1
35b51c35c9503b95bf314da9e599c9fb7379d53e

SHA256
d589c5c62fe480fa6a85229d4a52752124881ad640c65e1073a6b3ab5f05f4ad

SHA512
546e89d0ee1bbc4f240de42c02c88d11efc7c28547fc5fac89a4a8b7c6f2be761f703bb0a686f44b8d312badce1dea3df0666e9c5e9d56e66262726c130c96ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
96KB

MD5
b6c467b196ed69d42bd990da736ceaea

SHA1
e6ade0c31955778354b299acb89495c06d73bff5

SHA256
ab7913580a5d7ebfd3635d874ef1ec82d1650c7c0bbef3ec2a1aaf3760dcea71

SHA512
74463d043b250f57e61936caddcbc5e7f5ca961ffff00d61e9525b92c50c77b774d38955916f489776f33100f427d7af216abbced61b16c4850c3477c13e6556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
54KB

MD5
6450b6d7fa3e5db2598f02650685bdec

SHA1
764f0895acd5893236a8aacde478777bf99318f5

SHA256
c21f3976c32051df2a82ea527370031822563b99f490efa9786e0f1f036539f6

SHA512
135843ea2ebf1c903ceef9e20007d60123f9c17ef6243bd2abc651d12eea7bdb9ddbb2aada6f9b40114472e0db5fc9a019bdb9e4443b43283dc9dad987a7c910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9ff13dcb1179b0d34f8c68c8bf8a5423

SHA1
09f71b53dc7327fb9921839ad11a0cd2ea99a9d0

SHA256
4fd343d565c73737ddd2259edab21c39ff75816e36bdf1f14940b179ed76bbb5

SHA512
fd7a2150bee418c91fb1046438fd2144ca11e32323a3a74bd694692c74f7e22edc2e6a64d82c3852b9b31669f3affe822f1880c72de21baf296021ce6f4e313d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1ccec5110bf4127865c07841f30b6c67

SHA1
05b675f2ca104eaa5a9ce7196f9771db34e74587

SHA256
08a101b69623ee5de62c7eb6693f03108cba9e4868842e9cc624f650d07bf2bb

SHA512
6faf6627f94ea54d181e027a93fcc4a1f518e5fbe27a5f1d966e58c4bcdb40fdbe5698bd852f85d1476669d585c2e1210b262673d1a01aed689df2845ba2ac98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f060c51f7a1c4c8bf60212b97d66f442

SHA1
28c181b047399f1b4aff9cacaf9a129a971ff89b

SHA256
42c61c3cdd515cac7e718dc0e9608d4199855da374fbe514d926e0cd85abe030

SHA512
972e42b0d89b44dd90f0902a61bbac669b09859818c11402d4a170f1bd5be7ce24bbec29ccdcbc390f7ce93ff7927011cc7445693a2201bd8cc0e8f3b16cc09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
69244f2d095d9e51d5f39115981063cb

SHA1
58bd299d0a8dcc97b07293adbfa5c1d12f2a7bfe

SHA256
b0fc72c4f71ae161fe53ccf579597e120228f521bd968d8365afc8f860412e08

SHA512
5d1f2531d8e6b9bece14e2ef22dd4c2845f0898009be44c40ff64ed17051b38301efe32dc82d545c5fb451c6812c99f79e8369cc5a7101b01e2850a9c770d031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dd15c4668af835989e5f8a3ea73d7223

SHA1
ccfc52876a10fc9b18854279beab497643c18b9f

SHA256
154e0a44fb6fdb4b799ca9ca78fce03bccda2580e121c9ab5476079f9c594519

SHA512
e52686d215d774ce1616d7d9831e0e97cbf7fcc771959c70e960173a00dc3049638468d9db16c2c321e9ae990c3a27705823aaf4808bb2b8bcec138c877dc57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9b9316cb7143b8d6b3be6337c3aec92c

SHA1
dec73ad4333ea639b19c4fca202a4327ad833cb2

SHA256
d3690a6253ebd42792ffdb4b7ea92190a427876664b0e0119d24aac41bf7cd40

SHA512
49ae50efacbefca36d3059aa5a491160b96bac4420c0946318caa7df251c413c7d6260483f99fae2f99adba72cd0aedc15bfde77070d3335a1193f43cf7222c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c68a79ed7584a21505c7590031904846

SHA1
bc4e7b9a4e8340d8ff27ff261def51b95631bbb0

SHA256
3199af1c5bef1976c4c3998e431d70df770dcc78a1ba7f13a1db951c2ff54c5d

SHA512
f2d15c3b4d6e968e429ebdfa21a6d155ba301d5b258d68c9fa10abfc7ec3a8fbbb0a8b68a07a0d11877948c065632c8fd6fc0d3369374ada10cdfb17b9bcf057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1f8e21b95cc5865d82ec85872c5885c9

SHA1
ce012726443ae34d276a60041bc4a24858af1ee6

SHA256
3e5c5c67d674b406f07bc0db50d3879616e56794f3a78979a4336ef8722a014e

SHA512
23efd68ca3b015adce89ff103120a83ad5ac19c12ad45adc0c6ac3f2441e392aed7dd54bbdf33448495006aedb9f4130153fef15dee81bd4c991b717b0fff962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e6e72488b23097ffe7d2c0c57e92852c

SHA1
fce510e1e9157d4c2d024328ba522e4cfc189fdf

SHA256
f07f5b34d95bb20e9ae6aac1b76054f8a6b5f7a366bcaca156553148553e55c3

SHA512
4914809b0271806b2f0d883685ae115eeb3f02cfbf55b1d71a7fd583f851fed2c7c1c598f43602dffb69d42718c29e0fe31c908609b275fb7c36c45c251244ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
807b66fbe154ed1e46c018d03360079d

SHA1
284f8652ab57c0442256f2a52de0b8872113c0a9

SHA256
d6b9e21dc7179185674c6e9319d86a6a786f168c2a002254753855ba5da6ffd3

SHA512
1c6542f86995f185e3a02aa8d6b06445ab1b7ba94129267dcf500cf3f57cdd657e4a7e6656fcf93f16983c4fefb2aae1f39bae1be28d75ae308e87901aca5009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e9922c2430f6ad6c9e01f8060f9ebdfb

SHA1
cc687f49d16cc8b6cf0d4121e72a4d3f1edbd4ae

SHA256
dff4759b073f91adc2943f469d745ee75568cfb1dff289f2944341872bfa76e0

SHA512
c7b8553d00b5ebff5114989bec931268a44e246467aefd4b1fb5c797a0b2d80a6f882abd48f015cc1ddc7c868d9eb8ca88f1e434215bce11aff90e0ffb3afd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8ae82665cc6e0bbb1798f694e8bb4eaa

SHA1
69237d6b2a149134bbb6496312063671878c9940

SHA256
26ad53bb263d1cd273497df3f3e8cffeaebf65043382baba46cf200a927e2b59

SHA512
e3c0714b875586653d4ec2c3bb96319f110d91270249a12aa12f95209853e6f9c2f71279bf69a1683011eae1343644462c5ade0426e957071a9c3b8171556ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0d120ca3c307e9f9bedada917542ddc2

SHA1
0be2b318c954e9759151b2d2f926c0f07db2a4f3

SHA256
8b3176c2fdc6d9cc0da4d005d1bcd1b0ac454debce245bb8049456346e4ef55c

SHA512
54505a4ae2c4bdcd66bbeab16cdd5c07b2037df94ef2045c6c26cb7384698d73511e1a67e4236831eaf3ad88827bb345ddcb23dd51cc6e5f43922b3b9843e6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
16c1d30fd74d77b57ce44b655b2be34c

SHA1
ae6167328fa15cb597143f612ef0dd5d6660e561

SHA256
028ed4b2b988086f5e46c548870fc0a11ef96092c5976936a6c79ddfb7b1d33d

SHA512
81d304f775e6842a95df40ccf930def3a42e425df2724b9f1566605ede6a8624739eb4c05fc82fba5797598e3e9ac8801dee255117540ec4a2704aa8a5fdaab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e0ec80ab3561e4ced3592f6aade6e053

SHA1
7b14747a5f917d537a202ecfecf0a416b7ba9f12

SHA256
3a36941c01db922c7e5ee60082c79d126c62a0820bee0ae671e722b67f3e4ecd

SHA512
00ca0f4a494b2844eeca5f6532bbd3398d612d9ce851e8ad1c073eeebebdde9ca5b49db69c49aed781b77b1d7be6e77cd912baaacb1415e2bf513eee15d9536c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3a92e83002fc468f06de75caf31b3c83

SHA1
d06425625781d52856cd27889d048202126cb3fe

SHA256
1a3b83cceb6cdd84218540c10aef0a11594881f434e61dbbb081e23c430a65a3

SHA512
de2356dc340c63a35956d1392efa2e5056f8e34a052680d0325270f02314e295f86cac8c307c0c6596b2363f21a996719fff3d51f79bfc30ab374164aabe2cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8f6af142bda3e8d4d0753cfdafb89ced

SHA1
f282982659afd4c7822fc1c50ddf66c610609b9d

SHA256
67ac4a610a3c7fc81176562cf3fc49c12006458a4da26e375ed4564f231ba921

SHA512
5ef56b32eb2cc176dda9a8ef2799af901d69078abcae51f16352ce86f1e26ccd36f4194a017dfc26f4ffaf81e944f0d7d08522c1966ce41333484b2efc271336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
9f8ed5626a74c2c0274dba614739280f

SHA1
37e03e7495b1e0e07ba6f0323aaa670ad2dac524

SHA256
d2ed1207ea574b2c966843f1f3cf2b5aa5356ff69a84e069a3e7554950017095

SHA512
28d19d355ce68f74ef7a074b31449207bf25a31d69406165492f1563edfb5ac8eca1603b548f488c9b671aea8ba5062288d5a48e7c0b8196928e879f2a18f0a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
c97b91b730f736ae293ddcfac5612f09

SHA1
03b142a966a06dfc028719dc0f5b6e7e18818d0d

SHA256
f53a11998ad4eae0c36f9c71b1e1453993a69534448661cc3905d1d87877e095

SHA512
6c28cd922cd7f0a5791386e731f1d897f80671800e739b7aad2029367b4fd64a4ba4035d12812bb7ce7f05ddf7b48f39c95f7a4d4e7a17c72e8b4b19718f9721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
fb99a8450551f4c5943569aac6db719a

SHA1
35af9652da103b50e6cd69187d60700368d7400c

SHA256
69f71e9de366355a189538162a587b201b7c83c803d092d6f3aee637e4085aae

SHA512
1302d5ab2f23991a0f4363271e5cdf147616effbdb6556550bede06259b9b78f70496fdf6360e5eadf954e30d06859b3e737d5af3622d64c191d9b1473fcf945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
3cb5a12ddb85cf2baed779ac9f812e7c

SHA1
3e3bcba292ac8d644124ed2648f298507167629e

SHA256
2d8204916479e5803ed011bf99ed3a54228a449a7c51e3b9ff4aa1b5dda7f9be

SHA512
5510ecfb0b243b8c2ddda94d2f226f971bf3f3196c8c36be19014a98cea1d028c52e3ab214c30a581db41d25177dbbf322c398f7b8a3ed83a42870dafa34f626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
5b11068d782976d67624899903e156fd

SHA1
536aca9382a966d39dc760ef0bb09311bf2df112

SHA256
00a0ec8319754ccfbc27df5f1ee35a332d1f9576c6d69c21a0bd08e0cfeb3cb3

SHA512
d4c40e2a6255cf67a1cb0a5744af9296d60833d8028977b75027cca75c7e2d1bf8537112c6d784717d16cef781be881468a23884dd3d19d1d18427d9e56700ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
58d175204c0545b7a184030150f65506

SHA1
fe376d2f2f23b8624b1e7e7977e38f97c019f173

SHA256
1cd20d5ec0dad65ce1e4a7fb0c46e8428978a0f69d687c348e45b443e0abbcd6

SHA512
c8265b2b266466837cb331fc50286995e1cc782d0c49c536994ac598982c8bfd66c8053d7fff98ef5349a1f0e42631fdcc7736b69032a0f2ddbf796a599c4a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
14KB

MD5
e3257895eac73cd6dca80286d417f23a

SHA1
86a3ffd1c2eacdd599da90a0efe20fd9c6108496

SHA256
14538c20da65b43dd4254faf24a5a4f3a780d1c71f7a6dd738c58b2a75ef2cd7

SHA512
2cefa0bca88419adc5b26fa0c176b323e4807058a254507fe14e84cbf6fbb9173cef89949097773014110c13ca9592c60104318379b544193228d8dbddf272aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
b32af452511e2fec1fc2840b3b2bc5c3

SHA1
eecf68cc4a27683fc51b0801cbce474f80f47a60

SHA256
4da898bd698dc5eb19bfe82c31ff9a5b7094e9819afcddac4ff61067d92746d9

SHA512
41dbf07a1bfe2b15ec5766fcbad2fc1558fe987e1d87a7b8a769dcecda54a3c7999d8f4bf2a8f8e93bcd5d549297d7fe638664d7910dc78ecc7cc99ca638881b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
ed5f4213c17629776cd75510648fc019

SHA1
ebfa685dca9b7c920cd5ad521c03e4ad0ce435b9

SHA256
e969795f0e63ec8a35cdf34d5bc43867ca0825bebfed9734943e69b34ed2ad87

SHA512
71bcc166ae5a48f7a79aa5de7ecc7e10dce22c39240ca9ffe9d0f9340f40fc2a2429529cfee8b2b5d7082efe94921fa7df3454852d5313ff4093bfdffc189627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8f6623b24f4f9012b4e4993fd5d7e3eb

SHA1
35604c0f7ad7d6d845a15b0e0550c4c2922de90b

SHA256
b43365688505caebf5594bb4722931b57c55473df8e2c87927101c84192b8d83

SHA512
0c9b8f0ca8c50a3d85a136bd11a7897d4d991cfd8bfda60568b86c575c76d7930326d71d3d015d328f47d726149743725c7a8b395b9afdfa1463efa1f862c42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
27acba26ec99cc39f170271536000ef4

SHA1
15a260a984b893950a7eae3cfbe1b507d475262a

SHA256
efe756d63713e67434ed5683ed0b148ccfbbfb152c8b79fdd22968e082c1652f

SHA512
a891a1a8e3023694d9b9512a6f502882ac1f2033eb796549c5c693df1112c71f0eba80c6da468b7b6bb162215fdf20f36c342ecd7c450939c7badd2f62e7cd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
69d11ebba39eca754d94681a809aa676

SHA1
e44f0960dca504f6f9d4a24628dd82528cede5bb

SHA256
1908f5570afcd86b06524f2f8f6eb862c96c912e244a72ec7ffad880fe2a18c4

SHA512
a16fe284dc7d16942422805c7901174c5c94a174b2e358159561f6a6e0597df52f36580b2d4dbd443b712c5fc4553bae9c4fb71a9bec163a4f8f37483a8eb693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b1cc5e95198c45791608fe2aabbf48a7

SHA1
1dcfdf01f2de388e3d597cb08eaaa91a985a2337

SHA256
3e2a5fe1bbde5b3c07a2aa85025f9ddd64c89fcf141b5b9f908fd8a991544271

SHA512
db1029f7eddceb5a5e798528c9aafc3e7d03c4a611a77ad83068570f5f0c94030709e8fa993bf972d4863c40c96302ca811df97b6493b5926a71548389711930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c6d0cf0581d29b9633c39fcc44e9adec

SHA1
f14b5e5cbcf2b0c272f7d98941b993917264507d

SHA256
d2fe823c3b600335e310ffd1ea709dd07387fc46646d2c059b8386333359763e

SHA512
e6b03ae577f15612c22ef0f2b12618c9288e04b05485a8ee3b67d40536855246726166f68e094842658f980a836e6ace03c5d14956b6b4a163c48119c80aae3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
013659dc323d0fb99b381d6baa824a8f

SHA1
530bac14279fe777f6e9f4fba8d52ce48ee4eaec

SHA256
8f991d559fbc45216e8752385b272477deefb10f2117ba62652a3d7e154db973

SHA512
6df81f5fabcb812178a2853f136e372cb2ba3ba82ad7f4adc6af33c18216ef0bba24fbe7d664a848ef2f76aa79560487b694e96df2cffe625e9a5a3511010898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ac6e67ee40c6b6ebd0a5d025f5b651b8

SHA1
f4baf3a17166c1afffb01cad783954c6e1686217

SHA256
8e483649ff4160cb12bb852675aec4f995d9c886638d2af2f807147a23d433df

SHA512
36cf908afbd535b8792b9ef6f57585e6445d464077811377e43eeef1bc71ec4b99720083cc0f1523bc5fa5250e566fe75bcdfc8d0b7f5126e606d839f841b636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2c311e6755e0de862fde792087bc2ba7

SHA1
72eccb83846888c3b4cb173889b7562043211e19

SHA256
1985cbc1020eb0dcd388191d78a674621b60f7832b1916da6bfde8161206fb5f

SHA512
9834803f1ff12f2eeb9ce7e763d88d807f34428f53d4a7421af3c8636cbaf0645e89931500aa9a0d24a4029934240bdac2a56b7115a366b132afbe09ddc1dc68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
b7d6e31fb898fd0167b7e0290fc9bc10

SHA1
8efa3c6473c4485111a1489982720b5ed175bb9f

SHA256
ef6661adfc82205f6ef7cac1f147bebdbbdced9353b2cc47f0f141be37626b49

SHA512
d86908e32a8de590a2c91f2090db704b5c28a1afac857694b74a13befd4aaaede0a8aea946697a04bf44d52e1c42edb569630192847d7f6883bc3ddb3d8cb41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f941d46046ab24a7ec9315e581db3052

SHA1
20d6aa6ff79e0fd04e68c778ffd4b0d8852cae13

SHA256
36c31c99bfdaece9aebbd02b524a71a7fb59c6712b58bdb2f1ee6505cee8eafc

SHA512
0d77043d18556a3c703f80c9babcbed4ccb0286f3b3fcc5d909cb479a659b4a0cfdd215c8d7aea67737b24e7e636d4117acb74f1f6e589984d54b98819d72e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ba51dbc8ed38b0986681907a4e843e21

SHA1
35ee0a19fa241e7de1ca7233772e1f22c15666eb

SHA256
074950d289ad4c92956dd4d2ca3f1c633601f1eb27bc7bb483b921d0f958d772

SHA512
72d819e43fb94a95f4ee84908b5fd204fa28e112bcd14b184689623d859c7d62ddf70af66445fb05a6c02a0bd5dfc7eddea1d7bff64e885a1a5bd59629a33972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c198b77e0d272e0469868b77c04fbd7c

SHA1
af688b76a9d16fd3b5afce134b64202f47eb740b

SHA256
e0919775121fecc1f25eaa92d487a795d45e66ad04ca9ede7fb507da3df38d69

SHA512
a94b10ebbbf39bc1044dfadab3fc16f9cfbad37c355da1d464be9c328d26b4ef97f21d2b5ab6d82af104b5b4785340e8262135cb925d2377e62d63d407e5ab03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6aa51b8591c3cdcc89b9fab1f35fd971

SHA1
68d5b84a9c074478856311a3f399a7121c0661ce

SHA256
1ded5cdd5d8e1f3c88827fd75da9353fc09449f5160f70733719836f3373d624

SHA512
09e2ffc8e002ca925042559595ae2fcef2c201f219117392b4c5b5b3258e5b0ad97154e3d3a688aba3d40370f090a18e21a89db46e1a8b6070f4663e805a5b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ca73e25e51b45170d8a024453bd02ba

SHA1
c954031c16412c1fe1ed15a72cddbf0df712e167

SHA256
755baedf4652efca88ed36a403938762e18e9a643ab1aec8655d01187bbc9295

SHA512
e1e9db08601b3f8b2c5e89c22914eae2647328ad38fb63fbb7dfdd8b26f2ca2270adf9d38db90a80eaf3c38c8746b8f8e89891749c8ec4346e0ed6de90520cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b5bb2bd612ef8ee45750dac3d6072f1

SHA1
ba27be06511dad762f126d653e3b1a172fc9b36b

SHA256
8ffc654c32af38b80d43bddbea5913049f1dc3d0cd70ae1df648a1735f2b22bd

SHA512
380bab2fcd84c37365a51ce4969118ee50bd684ad53a0ad602593fedbe9ce5af6ea3cdc4f370970f18087145767af4fc36a4862ce31d9d6866f7d7ac420e0da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7303fa0cc85fa12b3d86cb973885ef4b

SHA1
8760b2377b860329340dea90a497ffad58034ff1

SHA256
41b2ed6adb5c004e2fca14601a7c342974fa3998a871e823b3d53b3d40345a0a

SHA512
5f8ed630569d69b89c503ae738bce3b22660d77c18d2b5206b8f4708245191ab5dd0db54ffccb86c62eb9b4111ed18da61d9f173c9dc192a1a663f30945d0763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b04556a1835dd8c019405cbc820524cc

SHA1
ffa403010aeba3afadb17a723df910804d6df1ed

SHA256
980348f236f299e7e6f904cfcec579d56d66de0810409fd842b98dc154ce9722

SHA512
19e7577713c9ceab0201146661880f9e61b52b303f53722f55b52c6f9c48e6c5f59f97e137ca7cfd161c9dae5334417f377ca584e44b02a65001f9472c9901f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
968fa646cf55b5bcdb71554d841780f7

SHA1
27b449694701b791fb8964b46596bb5cfe3f8ab0

SHA256
fab2dd1e2ab2d56850055da16da9c8920517ffc856e39f6fef43c080e5c9ac7e

SHA512
303951972f5647e0d093b92a714da9c1d065b268af5c167109103954726d20366dd79e7d56c25bedcba63c8ad93681e5788b1e16c2b13d6889d99f88cd6781bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4820b3bbaece3c8e839610054f9e5bd

SHA1
7288688d325b218451b5f76764c9de5259d80881

SHA256
6ffb8affc53f926edb9570106d31a17543ba271b52d7256e8e786906bc1e72c0

SHA512
159d4821302b95e506cfe54413a42673b741cef6f20256954d81a1b00b379152a0b5364c5796c4c9dbd3c18b3b7e981ec42961652e49f635cf16e2d177374dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cb5bb508aab3579b7753aa84141586a9

SHA1
3d82e05cae192f98aa2e0436c2f12c54f4cca6ff

SHA256
9fd58d6096bcf979a61a29cbf01ff6acc99b9325e05a3cb6ce8d05f53627614a

SHA512
47272038cb10acae152ac086b56ae4116aa8d269ce69f12ab3a4867c00164b85ca933ba4d7895caf144d17715e040731e4994324f2d65d1b48ecddd5a0e1fdc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3778068f03e642079f70452a6ef08055

SHA1
d654e86bb501e5aa0220795601c501e52e152c38

SHA256
25e3e26e518171f3f5801acd9accd955c77579d6fd3544ea58dc276a0bf8df2b

SHA512
597c4bf783d2d2c4bd1b20f3a2c49fbce5f456f436a7b952a7383f99c8ec6b8a66fdba6555582f7a0f1ca8b4d404183d3139e741a4f90c8f0c01d5394584ce55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c04525bc15216e84117772c602495d0d

SHA1
1e3fede3abd826a96a67e8853077d017ed6470ed

SHA256
12158452928d1ae3e14d7cdf6d711318cab9ee98f828ae79ca47758a6bd33dbf

SHA512
81a4dd1b8d4fe51b4f09e699ef33d183ff346bd18a0f809bc8a5450188817ec38b080c2649f37675e60cd243887df10d3fc731844d8ba3db581bb6f9b52cf9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
26feda2a6ff897b86830d95ecbf98379

SHA1
b11bcf27e2e60e84bcb65564aa2c6e97d5e80601

SHA256
4de3c857d480733d2079a166e9dc3c365a4d007958d8ee04317df16757eb66c6

SHA512
7351990ad508e642203e1a991cd2a2f6fcdac19b1fabc6a412531d4d9202258ac5d0a96e5e6038962d4540f7eecc3696d02b6a7fba910907a19de12bf062a7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
d03b46cc49aae480a35db0326320d18f

SHA1
366b43d28d3c34658c81fb930973623930fc4ccb

SHA256
d73c54e41f56d32ab3b322180c0cb39e10dd9100bdcf012cd83e0246fd22f7c9

SHA512
49f289d84b186d92e3bfd26beab6128bc6054c2efb0e8771061b19c0c9765c7b5045a57c75add8f28d6a23e178a586cef4bc6945176140b6a52f8a1b24c7c242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e4160b9551091bfe671ca9930ab386b4

SHA1
fbd86ca81fd1b4035bee01f7692bbff4b710ff47

SHA256
cc9391b99964fef975f56c0fc8a60b8a9f7f65cee80bbf88e80d2285cbd39fb2

SHA512
cf787e0fc8096cde706eeac31bd44af7185aa6e936b3e4de2430c88cc45edb3ef0674dec2d9ecd01f872096375cb4657bba08a83ba8b448c6d9c4f19d951384a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b3647d52d57fe2dc20da0e2c92ee225a

SHA1
19442c0fe800db23794cec9e007aabf5b26e194b

SHA256
aa129fd60cd6736a764f9c3c96977e3d8df3b79daf401cca5c6a9b2d6f634ae7

SHA512
a7790150627070f79efa1f2730a204d5434574965e9936b6952144f0d813a3e41d8268a6affe2445e8025705310c2431c9fba28556c8b62182f8be64bfc0548d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
473f652708bfa0fbe4e175b2023630de

SHA1
0abcc280a80c9b7684ae7f958fca02121d90b09e

SHA256
a017798a1a717f29bc1cea1817d5fd2f949387ea9b718aa23c49c128c47996a9

SHA512
2692903c9ee90e7d5fdf3ecea5ea69d3a22c6cdeafb40c4a59a5db05389a4f8809936150f3ed68abb81494694d5223692f9b0ee3ff68336a9c2f2d301228b790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
abe8b2dbf32561724c7acce0babd3f20

SHA1
06b680f7d781a7bf4d47b8ae0186066e75f90159

SHA256
fabfb87becf1a291f8a641ddfd38ee3c67de8074a9bf41ae6d2b38da369b726c

SHA512
93ba38a506971740ef119ea04e6f6e16721c05dc41580878a1e53e403cba3557b1c15e1a3ad7ec37d7f578b966b8be2f14e47f3ff23ce6f63eafece811516bb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
30e408d71aebad0fc052bcce58e8a662

SHA1
a0dcc595561decc42d42f22b69e25c0b46540566

SHA256
5e4cd76cca77c46279894ca5cd024179d42adfbc0eb6db24f11dec170cbb3b13

SHA512
55728c22bc69e42c27d7db5fba7d13130e85e1c9bbbf595f6d4812a6b90a65c74400c00502a4819aac268129cb7d4b9a8f51a82e451cf52b7284cb68067d7549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a820e7f089c268d39cd6c23fb49badca

SHA1
c0f43666a01f69140bc6390879c433c3a78fe3db

SHA256
f74cd18cc45b7cc5e1431513ee8591a7f9fc01c4e57a84508fa72ae16787e0ff

SHA512
0c4ec35b5abf7fe1ae69f3f6aeba0f41cfd5c02397893f6f0de9c9923b5df481b48ee814c12ffd9e513672a5a94021ea8a465273d4beda0c8872711c65154932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
737dd26f520ef74a36774d6ea729ab8c

SHA1
35fb1dae62fa057ebb6f184f86e7097791795ccd

SHA256
65cd4869000e94784150cff2f28db0750e858bc7869f37b31204ee1145b7e9b4

SHA512
7a6bb764caeb112bd2c45b59876335c45453172f539a2ff020080d96d44fdf3158e2e876fcad3d72d31e9c4df6c2a4c8cf8e6225c2ce6d205fe7144fe615a6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ec0b0c5be1b43aa0c74eb5c2d2c8d3a

SHA1
04858202a99c8934a25da83229dde63c7e08588b

SHA256
6c960707da9afa4ed7068bd8893833bef4057e962cb139cfe65a6c43ee76c3e8

SHA512
3252f03045a0aabe9f4f5396a77ad752ced03f4f9870b053881c84c7f82bf9d04fe4db658b4603c9f7b868da064d12b0dff908da34bdd1da54bcda115defcab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e99984f30615e544754381e2f7f4a414

SHA1
7dab1ec8d84d8c625e903259ce6b98685ff73a4d

SHA256
97333c5e46c5a2849be964d74e6f8833dae1aa97702e0320ca0f5a6e9719e029

SHA512
6e9cce0eec9126bd6873d67c93abfc2f75b837da502d7ce210a60d07a3f64440f31ef1312371b1d84d32c91ca4d17fa5f31fa4775eb6b91844d9093305643c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
79eb6db9ed51267b67924f2d5960806f

SHA1
4c7aa706c0602a88ff7118c9786f5888c5e67c4d

SHA256
e6c1b1e50eda5ba7c1525e61c98c1097ce2310f9344e734d8fc4685edcecbff8

SHA512
27b677d90134ec76d4735e2a3c38c7927e6379dd1583cdac78e7e7bd41445d56e47b80315f488a236d65cdd47e6befbf6ede9e1763f88fb0131d50667b983214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
676d147464f3172e9db327c59924b565

SHA1
ea7082aa7ab41c4f50462f082b462893584f595f

SHA256
d6ba32d5835a7ba08828b5aadde6cc37451e740e60e182c57ad5c2feaeeb9925

SHA512
7e28b3ef4c6c5dbbc237c424027c0c574ba2ebc38d8b1bab379f01b537e981783777b7874b1646db9d54c5abf5b69e9a4e1f395fb6a834f7d9473c8cee19975c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
9c29abc5fdfd383d7d2e0fa3e803d39d

SHA1
1c9dfd2d0c396612529fca92e0695ce1798769bd

SHA256
50d5e1335852f0635459a7a9cb8a2b46a3e001dff09ea040e107eccf103ddab7

SHA512
2d2b3d934240b01c3a998c0c767aed2d13506081504c9e3abeaa1269b5657397af8423bb407d5f8cf21b3ac7e86df351c91dec715842152b99fedc3e7ba971a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
5dd3b6dbe43ac99b4ce7d072982159f9

SHA1
ffff66ac62c1bc2d4807a7c1fea03b021662f434

SHA256
915b97e06d284408269e125525197cdd157af519c2b782b58307dcfae25a2f39

SHA512
e07aed6995b7bfbded0a66031fbcb6b7e968fd3c596247aca3dba36f3358ca1fcf85ce9af1e5da1f560816b3e77a6cc01f82ec9997fb7ffd39c1b6ce79811e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
689d400cd1e2f3437a469213f1969a34

SHA1
3afbbc1d830ee14467c5b7d7bc4de99e7420e1c3

SHA256
1e72195d8d6d889ba8889c453e6d00f53748b61c2ac009f418d83f3680f127b5

SHA512
cc1131680cbe639e7ee0d30e0d6b94b5818468200ba865b9a5290e54c5bc5f9a7cfd7cb47dc6f47879fa2d9cfd09b47ae2034c5fa3d1dbf1a1e41e644a2171cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
24d8bef5fc259286f4feaa59baeae75e

SHA1
bf2a420ee2620eed19ab14ec8247dfc6a6bf4401

SHA256
f7cc7de0f3a56590cc8c81bb45942210bfecf00702b2aacd3fcec46901ba40d8

SHA512
85b2c805953e1df7f282a53439990025238b92d907f040a138b2a16b1fdaf34a0f4980c9b2de0ba9aab221a0d93b3df3b23005a5ae3f4d2bcdb094ea5e99dc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
e4c231eeb4dbfbf17e0e5a73a0c51202

SHA1
1059b3fefb8ae9260afc23e4f40e239dfa6b4459

SHA256
e9ba5f8f479eeb1d59e8773f167d0baa3e738a4b41c49d9cd21e3e65dd65e433

SHA512
a07a03351548a993bfb1f86159b950559a38520b1c7cbb50f617a2d74c293f741f37e3f65882e668fcefa4608766441fb78876975be64138704e175574ff99fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cd177e56e5029792c2572112c1a4af26

SHA1
b4e5e46f4184ce6f58c273a3ba81a778bbe840d3

SHA256
2734fd012eb31b183a2cdf272a9c53ef2bb77badf76bdf3ffb719ebbb9025bc8

SHA512
21471fd0edeaa1aa916c80a995c7ed87b30346cffea23b684c3bb638e3f35e6759dbb9c9cde80485414a6904ad46ee7b4bcb10b2de7d148dbc8fb3726dd580c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
92cde57cfce2016bc16354e3ae58863d

SHA1
72163d99da20d9f59422d63d28756b8cecf06c74

SHA256
8aca699f345b164e14a5b4a4082cd979d32776bef8f5320602bbd73510bdba49

SHA512
a9889e02fcd2093da135d1c955aacde654757025800c613fecf1265b8a3052a24a6369477d1ebeb077b50c0ada648ffc9e11c650bba5d3d938ebc0d19e363435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
ee070888a48e3a01dfb703416b0d01ce

SHA1
d2b61ed57f029fdb9c2a570263d73a7d1304ba5c

SHA256
302cab069a903cb2ca7af3a29ebe967fc027d802a16ffa92614993c03e893088

SHA512
6532c023372b7f4e7a45aa219ce5567dcef5e61905c4da60e38e8cfc3277ecbe40f64c9c9d0b3fb311b72fcef03735b1d8eba59ee237928ff911c5c09e94fcea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a5168ecc884270aac64eb9e79b411196

SHA1
f4831696f893542d60763c93944119785df7cf19

SHA256
c87dddd755c84ced7d22211a65c63761d20b214bfa188c4a208a1f0cdf62217f

SHA512
2db1879a5076abb3b41fbdc06137d4096214b8fcca61f85bbdbc61585a7049dbe2797fbb96a4331016e9b6536036c7d74f61487d80fd01d52fba727e64d32bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b04275f8405c2a873c3717c00cf4217e

SHA1
96701df4ffe51a7d94f3fe271b21969078f277ba

SHA256
5adc03ac79c148d5e82e6aa25e007adbf4157816a2592aaccb515c2a75d62b13

SHA512
c3399436c3d5223d3196be8374b1f06ba61565d1e63c22fd05e32bed182a52fff7e882b8400baeb604b07fffdbb4700139bbaef9841b0ee33dadf535524d838d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fd5310c4d1d8bc80246fc4f83a3d1f47

SHA1
c76b01156850ee2e7df8e13f08fb23426af95461

SHA256
a72395385e9455437a3f4c59c6c3a9637c9e14f069b40cb561b52136acadfa94

SHA512
e668d2e0c998b966fd041e1349940e8a1e6b1e447298010e403e16014da6700706130bcf62ffa6a3de940ac66b46e139e7ffaf75daeb78782f6ff204b83cb40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cce7923175245e7830a07f4e3c9ae7d5

SHA1
c6953ddb21b0d199184b593da3a4514181998092

SHA256
1b19860ac3f7cfe5ad2a063f3340d125c52d3405ec3b08f9ada9581e88e0f24b

SHA512
487ff74c83fc1316934fa622003c700e81500fe0875a5d457c429787a1cec2c2274f979f46f07c6d9298e20fc6394fd4bfe66a0b908d23272ce0020db6d1c431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cee60e7351bd7918a0db7c4ac17650c6

SHA1
d20268b6059148cea468e788ea7600681424da43

SHA256
5e0584ad8761558038b628637b73b9e7369e033687433c8200959af4de05d46a

SHA512
ecadae885c59667039dd5d3daf339a43827e34b464332e15972b9365f4cc979cf0dadd0860c364a59f65317dfeef5cbfd84ef53af4ddd39c64bbdf1de0de9e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
205f7762eb60f206a31c1df1b05de40a

SHA1
7df9d4e70287fa6c5a961918744a707f49632710

SHA256
700c749336bbfb81f9201846e0fb7705328844444e89307c5b9f54045cdd7528

SHA512
b1ee7de91ef67b7c92394addbb2ff89760e54375b77a7e14e135fe7e717b28f9e1423e1b7f7ecba486de0f62e114038f0908af57e21d9359ef28825ae0ac4332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d0c706605d3d1716981a310afba360f0

SHA1
30d3efbe982935bc7c7f3b7191f3fc2883ed9e36

SHA256
a999bf1df0aab7db2e83beccad6ee7eea76ccfefa766c685fe2fd812bc496372

SHA512
c123eaf73fb47a49390403b044195ccfd95d0985487b4dc846de6e202c5c9ab6176cb528a64843257700e7d66bbf199b8c1141dc0bb4accbd706f9e5237e4be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
68706cb5f0c87d00f376bedd8052ae6b

SHA1
aa3ed904729c91f2b54c9d95096c40b2dffcb1ed

SHA256
e0a60bcad9fe3956dbb0f6065f39997076bc872f02114d3d499c9979bcbb2ff1

SHA512
1f7f6dded0e47545bf8d93a1509834e5594e293f63a4381256316f4b5a97e1688175672b6d0aed7a8bc326cd915c1bd5c828f2caf60396516627e3ee4d38819c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c2cd774e1cdb48ebd8e62ff6616cd2b2

SHA1
60d2ce563a90549f1951bc2aa745781c31b88309

SHA256
3d079e181fd50ebaf6a93a4eb15c0ebb6160ce1beabe07ead75c561183bdb916

SHA512
2ac6cb7ebf011a79abeb78dbb8b6ddaa9f141e72afccedfd406b49fc53d720f4e8d33da69a79634672705b8392260559f0686de0c347c938b71d5b468db7e8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bbce9a7cd9ecc34e831eb1d35cd86de7

SHA1
6547b21d54d9a5a2c1865d2c7ccc4d76bbd80319

SHA256
d3c33349c0f85cdef665bbec9c0daedb4e6a7778d4d7fc177e4a54522ae29a6d

SHA512
4c0240af333bf4e234448077be9176fb4a125c7abd9c4900e26f9d8be115777640c3cd3d997aa236eff3bf3c1bb085087a8e46ef92bd584f96cba69e1bf596d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9253f85f53092d46db0dcbf0bb9d0e0f

SHA1
37bb62f167fa042aebc439b91982623da165d29a

SHA256
f1b8b374df7d9d43d7334ff5c94eae2b068091e163114ef654c265b36971eace

SHA512
e2377db1b37f13f8f7982adb7b7278bf3148eb59e3166a48c2490203bff5f52a8be79c0bf11334b26e691e9dcb35cd53a86b2e800d8cab3096d9f819b161e87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4382ab0abb0bf7d98fa777b3d9116da9

SHA1
92d9c4f90cf9c8ad6ff3965bb59de4f776bc3c34

SHA256
ef751dea4d92975f8313d6c3e82208e5d9ac420394926f5df9aec419a3fc72e1

SHA512
f6b8116da54fb3034b138e1681f1a8cea93fde6e93f1987a1458a08dedfc62a1e2d2b89b1372a974f17e1362e84af6681f12193edae487186986117445828b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
bab5ad1c351c36dfc6b9380c6e4db913

SHA1
83ee4d4150c01956c5d7e603c53d1301faa41e3b

SHA256
1a20b857cd5370868436d1c60dc0df2368ed71e0f35dabf10827579aefd4d7f4

SHA512
09caa2a14babd7723022f156004bf1c2b1196bc54a999d24de1485554a94d852b47bd05379e327086d32e7e64ca604a3f2f782d6b9d18d8a6ad5ee29e911e3b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\997cd479-e426-4723-b58b-3d0977961a0c\index-dir\the-real-index

Filesize
1KB

MD5
322fbb114678754071cbfdbd84a6ecdf

SHA1
5b303c5b47d08cc2e1b9e3dfb5364c0d180f6325

SHA256
36dbba55bad2d4f5809cab720cb959720660fdd65b2d318d97b9024efe331201

SHA512
cc733396f4b587e5960b41319bb0b55f2bf31e6c7f639860adbe5f9ac4ca3cd2c7aa3b4f9a229a2f6c8dc982acc0cf36d3e9a1a71ae7edfe36f6cf483c95c74d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\997cd479-e426-4723-b58b-3d0977961a0c\index-dir\the-real-index~RFe61100d.TMP

Filesize
48B

MD5
ef0c02693e71f4f71e62999bd8e836a3

SHA1
40366c8e1cd02a7d81de7be515b26a27416c8600

SHA256
08837cf36d415f5c728427625a2ed3f374730b0c53e0a5dfa3ec47e69409062c

SHA512
283ab5f7ab8d9a495492cbed0e6f35add85ee3496197d9c5f91bc0f51a57c5db284d053a40a17660da46ca86584ad956de12ed2cacfd718b87c8f41763464886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

Filesize
115B

MD5
e36899883674d518a959215a661a6396

SHA1
b7760a42de1e27c7499ba8017f1d20e2a72ba780

SHA256
12efc4cac8f6eb22d8bf48750595c89d0f85be999207dd66cd5503630514d76f

SHA512
bd7366bf87b389ae7cfc9e9eeb3978d177ab21b48d07158725ad20ada70f574e7536fd5b31306641312c8a058a0f98445c0e62e72c59b547b498b5e6cce1aee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe61103b.TMP

Filesize
119B

MD5
fdfc66f28f83b68da94ed0d855ad6d17

SHA1
569d96c6a47cf912ef2db54b4161932fcc974ab3

SHA256
7e1f06636fab06977bed85108ec7f0c9ccb6dd5031d65452b730b932f5142e49

SHA512
1a4492d9944278843640ff85777db4775fcb0c097b5b46b417013dd271103d3848aab41c583b2a7a4e14c79b09f215cce9c519442deee4c4c688eb8eaf62ef7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
85acb1530ff4067933435b10c2b8e65e

SHA1
f5ee8830b8fd73ab9670a0d0779d8d1937b7732a

SHA256
26cc2edbb82a9409bdccffdc438972111ef0db4da61908207c63f82418efba4e

SHA512
ea56219e50b21f00475481b9efced49ccd05cc815cb8c37e14b19057fe2bc45cafac57ab4ee06faab396d38ecde52eb4aacc36ece9b32ae2d2789f09a83a0f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6107fe.TMP

Filesize
48B

MD5
d3219998381aaa931703118e654daae9

SHA1
eb629e9beb9ae68d09f8397dc78b4609e339e178

SHA256
274f147572c9f972b39fcd1d3be28a3da0b2f4ffbfa23beb48348e2addcb9374

SHA512
994dc234ea840dc6d78013030d331d71e60d23db12bd0d043afaaa9fa84306b1afb57f179b0582dd822b7addc594cb12c976891dcbbd2edcb72917f105e29bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
5KB

MD5
fc79285fc131b50a39a693cfece2cff0

SHA1
fb266f712ea62030d91659babfeb37faa2b5583b

SHA256
483964434d92157298fd480f13a747752a7ec07360de92f785f7b28fde2fa75d

SHA512
f4c5182ff5e808166cd447ce0b7e1d63d0ae0654db29e6baa4bb23d0fa1dd0509037411b6a2fb3de623a5cf2c0d791ddf4c4761c3a83c975ad2b84f063a82ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
bfac05bfb0121b965ff48f7bdde15360

SHA1
3cbc4d97138c96d59470b801167d7bc3a9563d6b

SHA256
eadb575c9edc10cd83ec3d663b87580eb396fb8f8d461fa69250e91b40cf5199

SHA512
0c88858ed56cfe581bc91a972e620d7fe76f834de889289403a11a8a1a02e37f26c1a731ace8d8dbafef90c47277ac3cb06fef9ef2eb2c9e7a588fcf0470cf48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
d77b1ec837b16f46f04ed26e4ece9552

SHA1
56539b48806ddf77110c231f3afedc3d890965a5

SHA256
411c03913b9aa6046803a3a0fb34ec20c9d56fa77d68dd6ee5704da80acb7d0b

SHA512
fa6819a8450a984ce40a7ba13257b87bb81555c418bc1b1384979462d7921ce5d9e42ca17d4cea20aa730431ff2e97938b9a335669377140179a4abc19b0b536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363295494368299

Filesize
4KB

MD5
8a08d613a2090f0006eda449ce26f84e

SHA1
0049f9ebc4da5b2f0d238af4245ef59ebd8f2ad5

SHA256
dd08f4944af5661ea208502fa26cbc8ebe939187628fab7b73becfa89e539429

SHA512
a1ab2db37aed6ecacb43feb7366d2a2d4e0e473d92626ce5a59901ceb7d08acb70047dfde504067df36a20994c74be1a6050bb9c138f80770118b256a42e6327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363295777735328

Filesize
16KB

MD5
9d7116607d0035ca198e238f73cb9d49

SHA1
c1047f4236b97627c15d0c49800e6402db9e133d

SHA256
f7476fefece969af7216fc36b726616d1c80ab367b8ae7f3618d661b56286ff6

SHA512
491ce4d907b144b0bacf5a5160db72bc13d90f836ec32a263ae617ba2dcd19cf346f189fdcb286c66ed0c3f5cc3e6a9e0bf07cddc1d1e6725e78ad7392077eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
488fcc30480c9842e4bedfbeb5da4088

SHA1
79035328f4b4e7e36d69416ea889aa40615efa31

SHA256
81e8184a370bbcd069b9e4a0a69a7f15239d9cfc3f90db7fe5cd1b2e56fae9e6

SHA512
b4dc621f62ecbc99069b86c263f4e64548119b5ef54a759ced08f68b2c86af3965de7b7b0be36c347098b84e4e4cac124de5204a0d6b66caa68be945bf5faf79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
c9b48eec6c13bef3376c1daac22c93d0

SHA1
547ca06ab1968048e6bbddfab3299ff82bb1da1e

SHA256
bfd9f4968259d25c85551599edeb12b33e78328a43f95f9498b60810d9327db4

SHA512
5dbe72646f6194897e8315932a7f95185f83700cae80e7f6835a43b5219c5d9b5e0627b08cf265eef089f1b28bdca82a2a522106bffe6f9ed26402b541781b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
1018d81ca5deaae766c5ca131def09b2

SHA1
e2cc12fe54331aff86c2490d2db36b0b62c1458a

SHA256
91b28c58f1e2171ef7dbe7e404c1a308ce3bff6f3e9b3f775fabb44ad18dbcc1

SHA512
e93313076d176dcc0ee6876de8c6117ca99e2baede924713eb601e40d63cfd726ce1b38279a997fef6564407ee327b691544499d97b5675a53170c704f39d613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
17cfabc5995321c64913bb2ebd68dd45

SHA1
617de2b9d50a4e2d99fb8c4b470b95673e1e66f7

SHA256
6758e514ac74ccf908980f1e31f8c2b6e9c633887f2015bc05ddcf5f83e195e6

SHA512
2b59a341c8ef50e66de4f2a8710cfeb6eb89f54086bb047d8ad28d528f81d1d99f82435005926ed86c5e29d9efb89b296ba8e38533ad69529f7a54681ef7dd96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
09e11e5c08c151e16d23cd44dee55f2c

SHA1
2852ddb947ab94cf8e6704cac0cca42f8e0d4ac2

SHA256
43a9138be2bb29d4e3536f09aaf9856640cd27f69f8cf31785ff19af331a66a2

SHA512
7d7deef262bd33a835e1ff7547fba6d7c786d7c5909251243e301d1868b6b27feba70ea00f00c0a28fffba6aabbac7e66fc95a8c0ac5a6408c493ef133cbc8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9571f12b9790ae8713cedb9e935fd9d

SHA1
3fcbc1da879aa8ccb2a0408bbb8a0cea3d468115

SHA256
aad68b9b5950c2209f397840249724be1d3bf87640226a5df2c117701520f219

SHA512
d2589d23cfa3071effb333a1f6d0888cda77d258bb0f266da59a1ca3b6de69c6126e086bf243cf2021ccbcebab8dbdd16770a3972def3435becac24d1579cedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
91c12fd669ffea6efa8e8cb4e84bdcea

SHA1
8004274c7de456a896f8d3890f6a008001e8ceed

SHA256
424bb9efb08c5c1088b115885c66a5eeb5c297eab6242af605f0a76824d60e47

SHA512
1fc7b59ea7e24f0e029d3d76fa66cb15754bd1fe7cea4c4f71d8cba65eb859a5714ac3b3b6adfa8464d6f77530e6120d0a02b0c154a5d2019c2f32996a4dff9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
be323b5c44b4e85a5a7d149912d61721

SHA1
7906cf935979c2a5a2121306a065e7e7d3707315

SHA256
348e4780c41a050df4bd43f389acb71374dba23d6e44c5d420c49c17728180ab

SHA512
93d90615fa9e3711d0f7503f55fddb9cf2c75a6575fca0a5554d70507f056c5d9186535d18c2beee2f46afc8b3a4abaab7f8a5910bdcaa22d8e2e5b96ed84817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c412fa4dae69cab88f555ffa94a07569

SHA1
d88932762c68b3dfd82e914f5c64b855f7e73fd1

SHA256
dc64951bfb1e8fdc6eddf23e03d2d9bd801f32c7ce7cb1132042ae167aefe1bd

SHA512
ae940d1672050d623fbab3de798fe358de91e27a536f30e89af13684dd641627dfa1d728c3148f5e9ae2490cd2febc30b2bfeb51a8b2a23487c4840f3c5b887a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3ed3b82e359f21a28e7bb84968d6ffcd

SHA1
35cff60b3a9c14a242c36fa9aa33626a17bdbf06

SHA256
761de842573b85b4da0a5028c43e1d8848db73441eff71377acf2608c60a9e53

SHA512
8496e7046b33a58ce36a63a7a0aa3b6b5ff43e7f1670aa03383f893820fcbf82f1d80c797b66bbc1f0cdb8f4f28904164fa3b2effb08a39aa712cff11a3a1a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
92da51b6c1a1a37efec65abe543ab7b2

SHA1
30800e4eeba543db3b2d57728ebcfe107a892b8f

SHA256
05139445f20ebf0d8a498dc08a82a5e32582c8719477ff2adc59ed79ad2cdf75

SHA512
2fabb57813b768fe7d1eb1fa58eceb2e315c39a7ec448bc761cd70884a06a5b353adf99ab43ade6af0433e2d0a3c5d226a166e4c492a0fb204a05205a8f714c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5794ae.TMP

Filesize
874B

MD5
f98e0e2127da89186d4b82cbf49d88d0

SHA1
a11f841c5dde2b30b76f6431dcbb8b512b5e3c9f

SHA256
4aa5d325afa322b73643a1bca409c7aa6b3e8d0632b27eef6e969b9c8068e19c

SHA512
2aa4dfedf6b0234688a285308d0a7c50aae6d85425999525fe0b0f90d6a4c6623ae68133cc33aeb4ec5a53550865f3407de3db4a853416bf7743809df7fbcf34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
a979fc35053368cb69e2298bbd9629da

SHA1
cd9cf87883203a4fec312b86df53608aa80e1290

SHA256
b027f0d1008cb2c58bad47f43b099099d2dfd14d92d07b0d8be2d6832a714015

SHA512
1f7b473f71663c1ca1c8a028160d44ddaba3f0700e8d7a4a3ffcfc7837ce64757c6193178c46a661e7fe1636616a3ac5801a1c80c99a56ce5c1f34384aa28c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
904754a73eb4f8a75410a92b2b7a920c

SHA1
208f9e70a93742e8ca1f5e2537690172971209be

SHA256
c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db

SHA512
cb251f3f6679b9f339c3697f64ed056ae53caf22aedbf37fb57dfe47e8c0e95f295cb180c342e415bc540a9332c0aa9253af7fd2ac17b3e80ad94bcf2cf29469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6671db8c02f3c234bc5b756619a0ed77

SHA1
ff451a14cdd61df48cce4448f118377af77da143

SHA256
f7858098c26ef2a143b0e7cafbc03040c3c1c3185f446517108a7bdd2a6d9c4d

SHA512
1c6182196ec6086d5316c741f974e6ec4efcedc3eb835ade8df2762d2ff245f055c05ed95e06fea3e04fe3a08e9582846cf2588c31fd69fc4978440039604ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
a874f3e3462932a0c15ed8f780124fc5

SHA1
966f837f42bca5cac2357cff705b83d68245a2c2

SHA256
01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d

SHA512
382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
c6c1a9af50f7c72361bd73480e0fb318

SHA1
a405757840b882ea4c8b0b4606e14e64c6d0038d

SHA256
e9a8e32f40b836d602a577d0255943a91f438191fdfbb14de66ebe612079cdbb

SHA512
8b9208093580b1c758d90eadae9c927a78379225de462627c3c8ea60c88b08abd10c263ac0133817f9853c1f6d2894519781f7e0c84133229242017f64d334c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
26d52a3c82e62b535b72b41afef1da60

SHA1
d2ac443b410ba98cb0cd22cb4ac8265bf664ba12

SHA256
25990ca832393218890c056e0dc911072af3d64e2d0f057638fd08d160421f87

SHA512
673ba7da3c1eb9d29bd33d4b3ed5e69cf3ab9809f495ce72f855624f70565ad7dce54a0b69ac96d3a62754ab897cd34431de467118d8bbc7503be5b6639e090e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
4f9ea96791df8b7d303ee5ff95dc3ffb

SHA1
6e58c4f371e2f4546b6d809f2c9e61ebd5d2d3f2

SHA256
cf7b80bfe34109dc66bdc479269e0bba5fa21622b01ad375186ba6ee9f3e4395

SHA512
0acf684be0af853341323bbb0d29f55babc942b0d6a5ea91562753f2cd7182b3af392f750a4fbbe41836f2190a89097138727176bf97319645f10a23c4d29c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
5e91a8483fbdeb4ee037606a764e99cf

SHA1
d017272282ed832b4b10c6ace47dc6f7534e8ebe

SHA256
4bfc7b91aa3807b73fd4bd5df7ce1eeca36183c0cb1aba0e784412e044eaeda9

SHA512
a7a448b15919d3ca4e1a40aec1f05ec17cbedf7f5e000de5a5ce2820dcc769c84df08bb3125456741dca3e41b2c32fc6af29507ba114d2abf92583cd4b98eaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
dbe8fbbf35187943fd4543e13ccabb87

SHA1
6064ee0727636ae5b334afa27e17086216617e4d

SHA256
998dd24c82711cdb1a0c5e628e83884012bc6d7ea60fcbf6bbc8c2aa37f3a2a2

SHA512
47a2dbbd4dd9e28491d260ef965f180fdceabda2fdc4733bddcd62737863764b42fd11557ffc772327330e14b3e8025462b7c9c79b4deda94ede15137ad65869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
573233513dee42ed241e51a3b8303a79

SHA1
c994e99add9fb0366f633d0c2435116ac0c74b85

SHA256
faf3dbda2f3f1182f260cacee0eb42f6b3558e066b0844f94236c8584fd8b1d2

SHA512
dcb5a4e7ecd6d439ce93f2605afae1d2f073717432acf4924a6f0ae401df299624951526d4821c93e3eb8f7fe6491dde09fbfb8b2a8ae7dcbaad09365c38e03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
a2458e34fa103f7f65e31fefb31b2e79

SHA1
45848b6202b4b55c5b12f73b165f673da78c100e

SHA256
72517b707bb33cf4e1c1020bf3a4d1e7831dc4526d7a4e9a7d42c11e5fda8261

SHA512
a0f57c23e712e44e86ffc548e25d112e20d47f31a7c74329ddf84b574e073ad0d63a21a6eaa49b0e1dbf4732b4bf6a416ffb0ba0f8f489d58b40dc57061ac0d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
374210ef7540734721373d21382358bb

SHA1
896f89e97fa8a39a7b8a7fc360bc9b45ac55ce24

SHA256
26cfe6fb173019150eb76f6041e24f4df20b54262d0b3ee851ce2647d0ba4352

SHA512
c821409489e141c447937ebb5efbb42060de74e8b43062926ecde2eca09ca326dc20374f6c889f2df3b05a57b3b66207b91aeabdd455304527641757d7c08d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
3068335b6c543b28045422adc0118d0d

SHA1
a05f4f937e026828cb8cfc615c6249cddef12a31

SHA256
3b47306f4bf50e53f02413c0d6a7209d50d758b161485fa3b86b1472d9b8f446

SHA512
6c9a59b0b9a5dc97a692d7a180d3fbb505b2630a661e92c73ebb80606b7a30ae6786feb27306b7065fe7e1c573c7eec94b9ca9854415c0462b40860817d1276a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ecada70c6d895f6167a4061e13714599

SHA1
80cde61b5942afbf4f1999a1c3201e905005edfb

SHA256
d7a8ca2378466d119b4549d59c4bebb569b6fad08b12982d385a773195370d83

SHA512
0dd35ff65b77d3323502dd7800ab5485278de9726bd166ceeaf23689cf27be48cc0f806f85181f2035763c2998519c36f431c04530ae59fe1a18f0ce44a60691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
44f9276936482a582175de2b55447df8

SHA1
b346e7fad4b9bd933569b2e15ba0d08531bd2d85

SHA256
3a45dbd278b12d9ccdf0651a22eb050ac29dd2d4255089a0a25f41bfe7db527d

SHA512
7e3beea0403dbf47b4cd5e0c3fd0e55ad01a9397762bf3ddb006f2ebd515a65afa0f3e583272034af4f4ab8be1db514d80b68b64f9bd2cbe0f3fc19a5653c31e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c45a33feffe04cc0d518e603b513458e

SHA1
0d4cfd6ea8a170940a29dde6c8492b23136d0b1f

SHA256
a6dd18cf953a92ae29d465646fd03e0a986825807a60dd0e38cd150c5641e0b0

SHA512
d5ce3693c8fc3a5dd1e8bc33bc542087de067ecb0f82db6f8faf6f3326163241456ddc9d3dbd912607e4dea38a80572d06f4d540a73213305f2f0795d28160e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1be06cb0de5efc2e229d68c2d976f9b9

SHA1
094d3a4a1ae3e591131209d0fc12d28c9e157a62

SHA256
21f881cc5baa7bbdd34a7e5ecd745903809bc9dc9f2180740592350c4dfaaf2d

SHA512
33a3a03f4803ebf20dda7c6a3bc6bda66633dd23d5706673a6976b24c0c92deace79334002368b67b453199909f2843424e224c0a2809516fa5b53195ebc86af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
b75d7cb95f8ff365783e020da3dba092

SHA1
c1867d0ffe6866bb286b8a1453fc3141b9453c9b

SHA256
362cb46d8e2881a880865c4164d19d651a9505bf3984e92faafaabfaae6b91b3

SHA512
85ee93ff0b5eba699933035b41df12a82003a7da1c27902274554321f7fc71151914fa8026a8194135aac6dcb7f17f964256c27c2f410c4ec5b4fa29a725a74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
49a4765a9560d99435b32d261386ea6f

SHA1
f25c1ecb5247e04db2595adab841087150609eed

SHA256
08d82c164130836a4f3d260eb1b64612dd65b5ed79f85bd51ac19a10f466a2e4

SHA512
bad5c8bfe0aec6af974546f74bd67ef0eefbc9c3c84a2000a62bf74f7cdbc132340c16c062d36296c322c5cc7ec375f9435b4386dc6663d94073fe72835f02ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e46e757f374a1e839c64ef0e93d9c03f

SHA1
8e9c7ff3dab2ff3e0ddcedd5bf547b3ba78e6355

SHA256
59a2d6f17ecdbab61ac4556fe631cfb751db67b7010a4b04101db62dade0aa93

SHA512
4c45cef96e4ffc07f14e50638fdff7d57232f81290292142914b5fcb6dac056cf7ff2b0d78f4b006f5719164d2350880ebf369db79b2fe3d2e1a1c1c18ea3d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4825be6d160c2629aae2ac3d6cabe586

SHA1
6cf59f00f9f5f8cb78ed6dc0957710df8e56a0c8

SHA256
e0f78603a4b15b008b690b20b1f588508002fc973a8ae1f8e5b705f26a52faf0

SHA512
51f73d80448d9c225e3f7202a51e66220394ddf6238134e96037477242c460d785914db75b534c8a86c5485418e4ec35e83e1629efcd4ae2438e71a3f2e8d7da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8bee0554c0a66d9c2a39055debde6792

SHA1
48bf9b362c5cb865fe23250fc1a6b22e9d009f63

SHA256
51f98912cbf735e441891186cf92c694c2e29a621533536eb3f9d6fcbff7ce63

SHA512
0723cbbf8e5107185605cd4118be6cf54d54a63fb4276fc70c3d81e1f3cbeeceea21becfe462c1b7a239840251023deace3e10b4679a3b5e9ad323ba5713dbaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1ad2054a10ccf43032376e0e59d86b9

SHA1
b6a75ea6f37c99dcea2b752625a9c896770ee005

SHA256
1fcbd8a2bcf2c02e8c99a48fca71c015f4e9be20117c67f23fb3e55c7ac960a4

SHA512
4a2bb424e52c2e00b7e62885d4ac95f2b48add4ca07bb224b9c4745be6f08dfa8de2be163e99796134cf23c59b9acc9126ca7cb8a4a7b11583ba2f9da066406b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e4b981020f923650f41ccfdbead2e1f

SHA1
0b89b94e6cd134fa4829997fece56f091cdab25a

SHA256
37b6910ec499864c12b5de164b011287f09bcd370ec9ae2a8cac20d54d745500

SHA512
379a72f8704524f3678df3f748dab6fb91b2a253807f3692926da649898773cb41b26bf3fd60fee5e17c296cb554255f23feac9dcd914b1a89b5ebfda896de3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6233f4af6835b695d3cbb6c5335eb5ac

SHA1
86ab2a2b0a84f67230e64fa5478748c7439bbcdf

SHA256
b2a0e8827707f4a55cc9a08b03c76a0af1adf9dada0748539423daa896c2be4d

SHA512
bf4cc58734ec5339583a5112eaa23a03440fbe6495a7b826ea6f1c446ce6ba59a632d813e4c899d74e33fe648f5a93671e1d6d28b4abfe7a497b430e97bdcc1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5add035aec438b49c4febeb514f9877e

SHA1
c7f9bee3c5b5cc61a9960b8834a19d23ac08e342

SHA256
3178525e8f24a1feb336a696939e6964e5113f19da1fb8d90bed4b4b3e7ab130

SHA512
bdcb7641dfaecebb2bf16ed06f16f6a4882cc6b35bd7fe2ffc7245afc3c4d803f9db21e60a7e3ec1f95cd8bf7faa6dfd79c809966c3003f64cb5f31c35538f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ce97dd026179a442df438f620527b50

SHA1
c10806c1c9ac6228129c35c7487b8ed32320f859

SHA256
664108cabe4d2efe00f2ee2adc89255694ca3904667b76a5ed838a976b7bf9fb

SHA512
55a2facdf9187703bda3ae57419320cb13904026cda34b04212e7b6335f85ae3427c8dd31bcdcc438077ed1071a002c15c4074cb770583bfe7245db37d849ac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
85c8c1cda5d3b3fd7a1c64052d5f188b

SHA1
a2abef51682ccfd9371110e690c21b0288de6ca0

SHA256
2cc468a60d1df62fca28be755523818b9690bdf7ec2d57b50ef89cb4c95cbf12

SHA512
95730fe6efeea20458de4a97bdf659ad72221e3aa8fa261da0416b0cbdedb54307e823464ddac6989c767076dafbb23d20b90e40c8414bd78d5077f62bf1b0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
44f3d3af4c9d7886c9b651925849f417

SHA1
d23c2c30b058ffb09c23278bdc5df84e3dde590c

SHA256
cc402af1a6a2e01fc50891393c563bc1f598d0d09d71548bf9ab1ca7498c52da

SHA512
a36212f862987eaa6b0f26db614da08e40636d1ad83bbf9e895b492a528c77ced24dcf5359ab6276da187193ef6bd3bc8cb2c8e1f7bbdae33dbc5f1ece89759a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9f368291bfb0172d9ea8e8bcb8c293d

SHA1
98fa65f96978f36149ca03eb901c7bc1ca0d745d

SHA256
d70b723230ec652f21c64e6a8116c2d83abbd3ef67b9e14f8ad514c90fbadac8

SHA512
9700b8f61ffc1d60c431e4b329212d785d7b16ee5c56943e3a300cba6a8dbbb9f5359626b2b43a0d1f8ae4adc5329df895a680200d19f7f54fda09cd2b665a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dc06b9829486258728158a4a0f63bcaa

SHA1
2093f2b19afab23d2f837f8ce7e54c20027baa0b

SHA256
a56811a98e66ae7ec9d94d733ce9bf2db41f589d3f3181ab02c8f335032ff6f5

SHA512
0a29d7893ec98a62a984b0a47dee1c53d4c66b43c900637aed2cce565a1c8c81938d5df7c5571f8cb984524cbcd3b1f3b2b5c8a0e9296e59993e89c36c3e5045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3130d4b1093243169e3ad89653220266

SHA1
d7f3d08757e8e6a56399636f4318c4fbf47eb1f3

SHA256
59f6cadf309ab08b6f41d636aa76c3037c60122d2f83d598b0ea69abdf898aee

SHA512
6045761bd7d078dc081e8d8cbff937b40bd5a3eebf5465ae9626092f8a221ecabce40320512e7fd103cbfabe325d0ddb67140a2feab34732812b5de0b99097c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a1baf3e8cacf21f69b7d8ad982d23037

SHA1
a2d245d28d7ee757b76a5a71e3854998e867b305

SHA256
5a482c777b547e7fdcb2d0818c4223f87d40422dbab11a03ee0b38145dfb425e

SHA512
c51831d250c19bde72f4100f0929d065e99df0fa7b53441bf584483b825e64f1e66d8399183cf750b180c7a2ebf6fc3c1d4fef3bdb00d2f645140279bd6f633e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cbfe4b88bf1768cdafae9b0e0cd74b63

SHA1
8ad07d5751e0e7ec7b2920d6355d4c8927dde90e

SHA256
f11d6ea13f6949cf13881278200ec0fc3dfc7e48aabea8d5840fb451034b6379

SHA512
b74b3ddb20bb91f46cd84f23ea24cc9e5f3d32b12c014cc0c8a4110c1491ebea50fa0c20c65f310389038c2aab10cf0aa5d3330a10d45023a86bfc0a91e09e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1cf6059614aff85ffc5c897d51eff8f6

SHA1
106915f5313ab4da3693b636a5fce133a5d83272

SHA256
38825cbe1fdeeb5397108c0160b215056d972c2a4682f2c146a494791b8ff8dd

SHA512
6e62815285eb61b8375cf727584fb33973c949d378c66799cbf8f304014a4118cdec8d40c53f68910c24398b9c21ba3e6f79f83824657c0dd3a609eb8b629268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fd7e82c190a4e891b2dd273c22ccaad5

SHA1
5bcb976d0b242b8eb5430c9e6e7ebdf0a9eb6e46

SHA256
0833f3221ee74829cdced524cf9df9d9717d11da4f16012266b39c77c0613f42

SHA512
8dc692863f9da4f3ea7cad8e355a87e5e134966da8b7dbdcec771e86439c58fcc719958522f62309472778aad310146ad64c8face3fa7f0acdc53f523a896c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a01beb4ee1053419c8a0e1ba1568eab

SHA1
32f84f1a58ee5bc5483dcf3aab72b9c6d94ef2a2

SHA256
6fd01e501682bdba8f7739d8fa112be99d34c742b4d5faf248c70299215950de

SHA512
e23557bade49fd3473b3037f01d1a2abc868889ee30bedede509ffb3fe4d45e3e570f84200a94784bc72a1d2586ba9167bc79bcb9456a977817522fd3f7cc32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fb8f21c6965e3aabb68bc729560c689d

SHA1
616107fc35af77f2177e381c26823acf801b1e1e

SHA256
4145cd6e508bb82e3d8f25d331305379cecdd1a34765c174552ef6a78472d8e3

SHA512
8107d88e94592c7badb918ea1f3d0ef7a28278e612b7c8704562bbe53ca015892ff26b20c7b5bb8733aededa261a6c916032ce80f4258c03a2308873c732aac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76187c26686cd5a792949de5315b56e0

SHA1
e2acc3770e37c3eac6899d491d6b05ac08efb362

SHA256
09ee201b94c80205f7413c7668b52af97938f2d2967012541d4a55b16aeded78

SHA512
e615fcdc3b354e7643ac3db841a270fb3e77e6442db06df1c1d3e7f077ca66f7212b96f39911365856e9832eab018506943d6b7f859c46b14fa219e2b661263c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
959e91182309497d664735af35b070bc

SHA1
7c4f2e777a4a53c096abe47a9298abd505b5c108

SHA256
43157050cbd0fc033d04e0b04a047671a2130d4e5f755fe11816865ed4440330

SHA512
a53525275027a1096cbf09e257143c528eff8102ef47f4d6180b1285cca5165f23d658bf0d6ad08bae9a4e3e7bbcd2d0b567debfcd216a21ed05ab817484a92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0ef73ef2491a4339b4a618ce60df7306

SHA1
d6591543f7a82846dd67f2aa2e9549c03865ca6b

SHA256
49e3fd77de38a3d77fbf20c6ac6010aa4886aa9856c20a6232a6506910389684

SHA512
5adc7b462e6dce9009468cfdf59e74653298412eb88e70289db13b596696ad48df7b4b6be213bba48b325d760ffef169d0a02e8d46a8cf92a85a8b5fb78bf2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fe265e5090813cebe159ec1624f6a489

SHA1
98968f78a14259653812018f4475ed14d83eaff9

SHA256
e7a6a526d442b8af06b7031a703c8acc11a645d497c24af7ffda7819be63676a

SHA512
cc82469391354e996c8e1c71d90ea26fc73a96012f49758dd19c0938353c28ca90f91886b36954a27763260df8aa58032222ba9d67654fae6a65d98e01c2a02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
ad0cf905fbb16634038c271ee7257c7d

SHA1
dc5ee6579ab70a50a8fe75a86c36b37273c24755

SHA256
d5164d2c9805972a7586f45cce6413511ee4b76bf20da12c29030d4d225c2dde

SHA512
731474f4c6c6d7a30b1c9f6f2e48d433715ef7cf5411a1c0d0778ec01a9967b55bf74e90b8a2f5cefa9d81b92bf81a0465004293f493b31064cbf0dfcced8152

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/720-1658-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download
memory/720-1653-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download
memory/720-1654-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download
memory/720-1652-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download
memory/720-1664-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download
memory/720-1663-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download
memory/720-1662-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download
memory/720-1661-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download
memory/720-1660-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download
memory/720-1659-0x000002DBEDDE0000-0x000002DBEDDE1000-memory.dmp

Filesize
4KB

Download